Password Strength - Why It Does Not Matter →
A concisely crafted contributed article (by Dinei Florencio, Cormac Herley, and Paul C. van Oorschot), entitled 'Pushing on String: The "Don't Care" Region of Password Strength', in this month's Communications of the ACM, details research on why organizations that enforce strict password 'composition' security policies end up with password-related security issues that are effectively the same as those of organizations that do not enforce password strength. Something to get those wheels of cogitation spinning over the weekend...
IoT'd →
A new, oddly optimistic screed, detailing the belief that ISPs should mitigate/remediate bad IoT behaviors, has surfaced at Wired. You be the judge.
Кто сделал? Россия и Принуждение через киберпространство →
That is, "Whodunnit? Russia and Coercion through Cyberspace", a superlative blog post by Robert Morgus at War on the Rocks, is today's MustRead.
Cyber Insecurity: Emerging Policy Tools in Cybersecurity →
This morning's dive into Beltway views of Information and Cybersecurity was brought to my excruciatingly long (as opposed to short) attention span by a fellow member of the Internet Society, Joly MacFie (Joly is a member of the ISOC NY Chapter).
Panel participants are Jane Chong, National Security and Law Associate at the Hoover Institution; Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council; Robert Morgus, a Policy Analyst for the Cybersecurity Initiative at the New America think tank; and Sasha Romanosky, Policy Researcher at the RAND Corporation and Faculty Member at the Pardee School. The Panel Moderator is Trey Herr, Fellow, Harvard Belfer Center, Non-Resident Cybersecurity Fellow, New America's Cybersecurity Initiative, and Editor of Cyber Insecurity: Navigating the Perils of the Next Information Age. All in all, a stellar panel, and an engaging video.
Enjoy.
PREDATOR →
PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration, described in the released paper, is a newly developed capability to predict bad behavior (in this case criminally bad behavior) with the use of analytics at the time of domain registration. Created by Nick Feamster, Shuang Ho, Alex Kantchelian, Brad Miller and Vern Paxson. Outstanding.
"Princeton professor Nick Feamster and University of California Santa Barbara PhD student Shuang Ho worked with Alex Kantchelian (UC Berkeley), Google's Brad Miller and Vern Paxson of the International Computer Science Institute to create PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration...." "The important numbers are: the researchers say PREDATOR identified 70 per cent of domain registrations that were later abused; and they claim a false positive rate of just 0.35 per cent." - via El Reg's Richard Chirgwin
No Fix Inject →
Via ZDNet's Charlie Osborne comes a well-wrought report of the continued unremediated and unmitigated flaws in Microsoft Corporation's (NasdaqGS: MSFT) Windows 10.
Rooted →
Via the eponymous Dan Goodin, writing at ArsTechnica, comes news of the latest flaw in Android, this time based on DirtyCow code. Our take? Be prepared to mitigate this flaw ASAP. The timeline for exploit mitigation on Android? Unknown, due to the lack of established patch management planning by the major manufacturers.... Astonishing.
"Now that the Dirty Cow hole has been patched in the Linux kernel, it's only a matter of time until the fix makes its way into Android, too...." "Of course, that's not available for a large number of devices, mostly because of limitations set by manufacturers and carriers." - via ArsTechnica's Dan Goodin
Checklists, Sometimes A Great Notion →
A well-scrivened, checklist-based post at Health Care IT News, penned by Tom Sullivan, discusses the use of those checklists within the information, cyber and network security realms. Today's MustRead. While the use of checklists has been recommended for millennia (e.g. hieroglyphic shopping lists...), all too often those highly efficient checklists can lead to a lack of innovation. HatTip kudos to PhoneBoy.